Cookies
Welcome to https://www.amorea.bg/ (the "Website"), which is managed by Amorea EOOD (hereinafter referred to as the "Provider") and is available throughout the world.
Please read this cookie policy carefully before using this website. If you have any questions about this cookie policy, please contact us at info@amorea.bg or on 02/987 70 10. If you disagree with some of the terms contained in this cookie policy, you must not use this website.
Amorea EOOD is a commercial company with UIC 200673568, with registered office and address of management in Sofia, 6 Kaloyan Str., 2nd floor, office 204, Rila Hotel. Contacts: phone 02/987 70 10, e-mail address info@amorea.bg, website https://www.amorea.bg/.
1. What are cookies and how do we use them?
Cookies are small text files that are sent from websites to a visitor's computer or device and are stored in the file directory of the browser that the visitor uses. They collect information about how the site is used, in order to recognize the visitor on the next visit to the website and to improve the functionality of the site and the experience of working with it. This information most often includes: the Internet Protocol (IP) address of the device from which the visitor accesses the platform (usually used to determine a country or city); the type of device from which the visitor accesses the platform (e.g. computer, mobile phone, tablet, etc.); the type of operating system; the browser type; the specific actions taken, including the pages visited and the frequency and duration of visits to the website; and the date and duration of visits. For more information about cookies, please visit: https://www.allaboutcookies.org/.
Privacy Policy
What is personal data?
According to the General Data Protection Regulation, personal data are defined as:
"Any information relating to an identified natural person or an identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more features specific to the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity of that natural person."
Why does AMOREA Ltd. collect and store personal data?
In order to provide you with a translation, legalization, copying and scanning service or other content-related services, we need to collect personal data for identification purposes.
We ensure that the information we collect and use is necessary for this purpose and is not intended to intrude on your privacy.
For advertising and marketing communications, AMOREA Ltd. will ask you for additional consent.
Will you forward and share my personal information with other organizations or individuals?
We will not sell your data to third parties, nor will we transfer it in order to gain any benefit.
AMOREA Ltd. may transfer your personal data to our service subcontractors who have entered into a contract with us.
All third parties who may receive your data are obliged to keep your data secure and use it only to fulfill their obligations to us. When they no longer need your data to fulfill these obligations, they will have detailed instructions for its destruction in accordance with the procedures established by AMOREA EOOD.
When we intend to transfer special (sensitive) personal data to a third party, we will do so only after we have received your consent. (There will be an exception only if we are obliged by law to do otherwise.)
Recipients of your data can also be public authorities, to which we provide it under specific and clear legal obligations.
How will you store my personal data that you collect?
AMOREA EOOD will process (collect, store and use) the information provided by you in a manner compatible with the requirements of the General Data Protection Regulation (GDPR). We will strive to keep the information accurate and up to date.
We will not keep the information about you longer than is reasonably necessary to fulfill the specific purposes for which it was collected and for which you have been notified here.
Some of the retention periods of information depend on legal obligations to keep documents and information within certain minimum time limits.
We will take all foreseeable technical and organizational measures to ensure the protection of your data from unauthorized access.
Can I find out what personal data you have and process?
At your request, AMOREA Ltd. is obliged to tell you what information we store about you and how it is processed.
In case we have your personal data, you can request the following information:
• Contact details of the organization that processes or on behalf of which your data is processed.
• Contact details of the Data Protection Officer (if any).
• The purposes of processing;
• The legal basis for the processing;
• The relevant categories of personal data that are processed;
• The recipients or categories of recipients to whom they are or will be disclosed;
• Recipients in third countries or international organizations if there is a transfer of personal data to such, as well as guarantees that their data security will be at least at the EU level;
• If the processing is based on the legitimate interests of AMOREA EOOD or a third party, information about these interests.
• The envisaged term for which the personal data will be stored;
• Details of your rights to request the correction or deletion of personal data or to restrict the processing of personal data, as well as to object to such processing;
• Information about your right to withdraw your consent at any time;
• Details of your right to appeal to a supervisory authority;
• Information on whether the provision of personal data is a mandatory or contractual requirement or a requirement necessary for the conclusion of a contract, as well as whether you are obliged to provide personal data and the possible consequences of not being able to provide such data.
• The source from which your personal data was collected, in cases where it was not collected directly from you.
• All details and information on the existence of automated decision-making, such as profiling and any meaningful information on the relevant logic of these operations, as well as the significance and expected consequences of this processing.
How do I access my processed data?
You need to fill out an access request, which you can find on our website, and/or send a request to the specified contact details of AMOREA EOOD, or directly to the specified contact details of the Data Protection Officer / person in charge of personal data protection.
Location: Country: Republic of Bulgaria
Address: Sofia 1000, 3 Positano Str., Trade House, office №50
Phone: 02/987 70 10
e-mail: info@amorea.bg
Website: www.amorea.bg
Personal data protection
I. Introduction
- 1. General regulation on personal data protection
Regulation (EU) 2016/679 (General Data Protection Regulation) replaces Directive 95/46/EC on data protection. It has direct effect and implies an amendment to the legislation of the member states in the field of personal data protection. Its purpose is to protect the "rights and freedoms" of individuals and to ensure that personal data are not processed without their knowledge and, where possible, that they are processed with their consent.
- 2. Scope outlined by the General Data Protection Regulation
Subject matter (Article 2) - The General Regulation applies to the processing of personal data in whole or in part by automatic means, as well as to the processing of other personal data (e.g. manually and on paper) that are part of a personal data register or which are intended to form part of a register of personal data.
Territorial scope (Article 3) - the rules of the General Regulation will apply to all data controllers established in the EU who process personal data of individuals in the context of their activities. It will also apply to non-EU controllers who process personal data in order to offer goods and services or if they monitor the behavior of data subjects residing in the EU.
The principle is that the rules of the GDPR "follow" the personal data of data subjects located in the European Union.
- 3. Concepts
"Personal data" means any information relating to an identified natural person or an identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more features specific to the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity of that individual, as well as any other information determined by applicable law as personal data;
"Special (sensitive) categories of personal data" - personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the unique identification of an individual, data relating to the health or data concerning the sexual life or sexual orientation of a natural person, as well as all other personal data which are determined by the applicable law as special.
"Processing" means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making the data accessible, arranging or combining, restricting, deleting or destroying it;
"Administrator" means any natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by EU law or the law of a Member State, the administrator or the specific criteria for its determination may be laid down in Union law or in the law of a Member State;
"Data subject" - any living natural person who is the subject of personal data stored by the Administrator.
"Consent of the data subject" - any freely expressed, specific, informed and unambiguous indication of the will of the data subject, by means of a statement or clearly confirming action expressing his consent to the processing of personal data relating to him;
"Child" - The General Regulation defines a child as anyone under the age of 16, although this may be reduced to 13 by the law of the Member State. The processing of a child's personal data is lawful only if a parent or guardian has given consent. The administrator shall make reasonable efforts to verify in such cases that the holder of parental responsibility for the child has given or is authorized to give his or her consent.
"Profiling" means any form of automated processing of personal data, in the form of the use of personal data for the assessment of certain personal aspects relating to an individual, and in particular for the analysis or forecasting of aspects relating to the performance of professional duties of that individual, his economic condition, health, personal preferences, interests, reliability, behavior, location or movement;
"Violation of the security of personal data" - a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed;
"Main place of establishment" - the seat of the controller in the EU will be the place where he makes the main decisions for the purpose and means of his data processing activities. With regard to the processor, its main place of establishment in the EU will be the place where its head office is located in the Union or, if the processor does not have a head office in the Union, the place in the Union where the processor's main processing activities take place.
If the administrator is based outside the EU, he must appoint a representative in the jurisdiction in which the administrator works to act on behalf of the administrator and to deal with supervisory authorities (Article 4, item 16 of the GDPR).
"Recipient" means a natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union law or the law of a Member State shall not be considered as "recipients"; the processing of such data by those public authorities complies with the applicable data protection rules in accordance with the purposes of the processing;
"Third party" means any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or the processor, have the right to process personal data;
See Art. 4 of the GDPR, where the definitions for each of the above are given.
II. Declaration on personal data protection policy
- The management of AMOREA EOOD undertakes to ensure compliance with the legislation of the EU and the Member States regarding the processing of personal data and the protection of the "rights and freedoms" of the persons whose personal data AMOREA EOOD collects and processes in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679).
- The controller undertakes to ensure that all activities it performs in collecting and processing personal data comply with the requirements of the GDPR.
- In accordance with the General Regulation, other relevant documents, as well as related processes and procedures, are described in this policy.
- This policy applies to all activities for the processing of personal data, including those carried out on personal data of customers, employees, suppliers and partners and any other personal data that the organization of AMOREA Ltd. processes from various sources.
- The administrator shall keep a Register of processing activities. In the cases when the keeping of the register is assigned to the Data Protection Officer / the person in charge of personal data protection, he is responsible for the introduction in this register of any changes in the activities of AMOREA EOOD, as well as of all other additional requirements, including data protection impact assessments. This register must be available at the request of the supervisory authority.
- This policy applies to all employees / workers (and stakeholders) of AMOREA EOOD, as well as to processors and their staff members. Any violation of the General Regulation will be considered as a violation of labor discipline, and in case there is a suspicion of a crime, the issue will be submitted for consideration as soon as possible to the relevant state authorities for criminal liability.
- Third parties working with or for AMOREA EOOD, incl. partners, external suppliers, customers, etc., as well as those who have or may have access to the personal data of the administrator, are obliged to familiarize themselves with and comply with this policy. The administrator is obliged to conclude an agreement on data confidentiality with any third party to which it provides access to personal data processed by him, which entitles AMOREA EOOD to verify compliance with the obligations imposed by the agreement, unless processing is required by EU law or by the law of a Member State.
III. Obligations and responsibilities under Regulation (EU) 2016/679
- AMOREA EOOD is a data controller according to Regulation (EU) 2016/679 and bears all responsibility and risks of possible non-compliance with the requirements of the GDPR, including responsibility for developing and promoting good practices in the field of personal data processing in AMOREA EOOD.
- A processor of personal data is any person outside the organization of the controller who directly processes personal data on behalf of the controller - stores, digitizes, catalogs, etc. the information.
- The Data Protection Officer or, respectively, the person who, by job description or assignment, performs tasks related to personal data protection (responsible person / data protection officer), takes part in the meetings of the management of the administrator at which issues in the field of personal data protection are discussed, and advises the controller on demonstrating compliance with the legislation in the field of data protection and good practices.
(Exemplary job description of DPRD (GDPR_FORM_03) and Exemplary job description of Data Protection Officer (GDPR_FORM_03A).)
Data Protection Officer (DPO) - the role of the Data Protection Officer, when his/her appointment is mandatory, and what the requirements are, are described in detail in Art. 37-39 of the GDPR.
Data Protection Officer - in cases where it is not mandatory to appoint a DPO, the Article 29 Working Party states the following: "Nothing prevents an organization that is not obliged by law to designate a DPO and does not wish to designate a DPO on a voluntary basis to nevertheless hire staff or external consultants to carry out personal data protection tasks. In this case, it is important to ensure that there is no confusion as to title, status, position and tasks. Therefore, in all communications within the company, as well as with data protection authorities, data subjects and the general public, it should be clarified that the position of the natural person or consultant in question is not a data protection officer (DPO)." (See: Guidelines for Data Protection Officers, Section 2.1.) We have called the title of this post "Responsible" for convenience, but it may be replaced by another that the Administrator deems appropriate.
This DPO reporting includes:
• developing and implementing the requirements of REGULATION (EU) 2016/679 as required by this policy;
• security and risk management in relation to policy compliance.
- The data protection officer, who should be suitable, qualified and experienced, shall be elected by the controller's governing body (depending on its structure and legal form). The DPO is obliged to advise and inform the administrator about the application of the GDPR and other acts of domestic and European legislation in the field of personal data protection, in accordance with its contractual obligations and the requirements of the GDPR, including monitoring the implementation of this policy.
- The DPO also has specific obligations under the GDPR: all requests from data subjects are addressed to him (see "Procedure for managing requests from subjects") (GDPR_PROC_02), and he is a contact point for the administrator's staff who request clarifications on any aspect of compliance with data protection. The DPO is also the contact person for the supervisory authority.
- Compliance with data protection legislation is the responsibility of all employees of AMOREA EOOD who process personal data, according to their duties and job descriptions.
- The training policy of AMOREA EOOD (Training policy (GDPR_POL_02)) determines the specific requirements for training and information in connection with the specific roles of the employees of AMOREA EOOD.
Principles of data protection
All processing of personal data must be carried out in accordance with the principles of data protection set out in Article 5 of Regulation (EU) 2016/679. The policies and procedures of AMOREA EOOD aim to ensure compliance with these principles.
- Personal data must be processed lawfully, in good faith and transparently.
Lawful - a legal basis must be identified before personal data are processed. These are the so-called "grounds for processing", for example "consent". The consent of the subject is one of the grounds for processing personal data. The ground may also be the performance of a contract or a legitimate interest of the administrator, in which case consent does not need to be given.
In good faith - in order for the processing to be in good faith, the data controller must provide certain information to the data subjects, necessary in each specific case and for each specific purpose, in a form that is understandable, concise and accessible to the data subject. This applies whether the personal data are obtained directly from the data subjects or from other sources.
Transparent - Regulation (EU) 2016/679 sets out requirements as to what information must be made available to data subjects, which is covered by the principle of "transparency" set out in Articles 12, 13 and 14 of the GDPR. According to the cited provisions of the GDPR, the information must be communicated to the data subject in an understandable form, using clear and understandable language, i.e. the privacy statements signed by data subjects must be detailed and specific, comprehensible and accessible.
The rules for notifying the data subject by AMOREA EOOD are defined in the Procedure for transparency in the processing of personal data (GDPR_PROC_02) and the notification is recorded in a Sample Privacy Statement (notification for confidential treatment of personal data) (GDPR_FORM_01).
The specific information to be provided to the data subject must include at least:
• data that identifies the administrator and the contact details of the administrator and, if any, of the administrator's representative;
• the contacts of the DPO (when specified);
• the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
• the period for which the personal data will be stored;
• the existence of the following rights - to request access to data, correction, deletion ("right to be forgotten"), restriction of processing, as well as the right to object to the conditions (or lack thereof) in connection with the exercise of these rights;
• categories of personal data;
• the recipients or categories of recipients of personal data, where applicable;
• where applicable, whether the controller intends to transfer personal data to a recipient in a third country and the level of data protection;
• any additional information necessary to ensure fair processing.
- 2. Personal data may only be collected for specific, explicit and legitimate purposes.
The data obtained for specific purposes should be collected and processed only for those purposes that correspond to the processing activities included in the Register of data processing activities (Art. 30 GDPR) of AMOREA EOOD. The Procedure for transparency in the processing of personal data (GDPR_PROC_02) sets out the relevant rules.
- The personal data collected by the controller must be limited to what is necessary for the relevant purpose of processing (principle of minimizing the data that can be processed for the specific subject).
• The Data Protection Officer / person in charge of personal data protection monitors that only the information strictly necessary for the purpose of processing is collected.
• All data collection forms (electronic or paper), including data collection requirements in new information systems, must include a statement of good faith processing or a link to a Privacy Notice (Privacy Statement) (GDPR_FORM_01) and be approved by the DPO.
• The Data Protection Officer / person in charge of personal data protection is obliged to carry out periodic inspections (specify periodicity, but at least once a year) to ensure that the data collected continue to be adequate, relevant and not excessive (Procedure for data protection impact assessment (GDPR_PROC_09) and the impact assessment methodology you used).
- Personal data must be accurate and up-to-date at all times, and the necessary efforts must be made to enable immediate (within the scope of possible technical solutions) deletion or rectification.
• The data stored by the data controller should be reviewed and updated as necessary. Data should not be stored in cases where it is likely to be inaccurate.
• The Data Protection Officer / person in charge of personal data protection must ensure that all staff are trained in the importance of collecting and maintaining accurate data.
• The data subject is also obliged to declare that the data they transmit for storage by AMOREA EOOD is accurate and up-to-date. The completion of a form by the data subject intended for the controller will include a statement that the data contained therein are accurate as of the date of submission.
• Employees / employees (customers / others) should be required to notify AMOREA EOOD